CVE-2023-44463
Summary
| CVE | CVE-2023-44463 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-02 20:15:00 UTC |
| Updated | 2023-10-04 16:39:00 UTC |
| Description | An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| pretix – The world's most flexible ticket shop | MISC | pretix.eu | |
| Comparing v2023.7.0...v2023.7.1 · pretix/pretix · GitHub | MISC | github.com | |
| Security release 2023.7.1 of pretix – pretix – Reinventing ticket sales for conferences, festivals, exhibitions, ... | CONFIRM | pretix.eu | |
| Tags · pretix/pretix · GitHub | MISC | github.com | |
| Fix incorrect handling of boolean configuration flags · pretix/pretix@ccdce2c · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 995513 Python (Pip) Security Update for pretix (GHSA-j9gq-w73w-9h6c)